Yahoo announced on Sept. 22 that it was hacked in 2014 and "at least 500 million user accounts" were stolen.
The announcement states that the hack was done by a "state-sponsored actor" and that account information stolen could include "names, email addresses, telephone numbers, date of birth, hashed passwords (the vast majority with bcrypt), and in some cases, encrypted or encrypted security answers and questions." In short, change your password right now and don't make it something easy to guess.
If you were affected, Yahoo will let you know and ask you to change your password and "security questions and answers."
This isn't the first hack to ever happen, which is why using a password manager and not using the same password is so important.